bashclub/nasbeery
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: bashclub:main
Branches Tags
bashclub:main
bashclub:dev
..
compare: bashclub:dev
Branches Tags
bashclub:dev
bashclub:main

9 Commits
main ... dev

Author SHA1 Message Date
thorsten.spille
ff4c61ee2a Replace tee by > 2023-09-06 15:10:08 +02:00
thorsten.spille
cb7bc79022 Fix kernels and znapzend 2023-09-06 14:52:30 +02:00
thorsten.spille
90bb87792b Add linux-image-arm64 2023-09-05 13:44:40 +02:00
Thorsten Spille
bdcc9fcca6 Fix for ubuntu support 2023-08-10 20:57:19 +02:00
Thorsten Spille
596337836c fix url in dev 2023-08-10 20:22:27 +02:00
Thorsten Spille
134b8b11cd Add raspi ubuntu kernel 2023-08-10 20:20:00 +02:00
thorsten.spille
c52d60b56e Add cockpit-pcp 2023-06-07 00:43:40 +02:00
thorsten.spille
7d7ba62a5d Only include wssd repo for debian bullseye 2023-06-07 00:18:56 +02:00
thorsten.spille
c0d8960b67 Add support for Debian bookworm 2023-06-07 00:04:34 +02:00
2 changed files with 56 additions and 41 deletions
Show Stats Expand all files Collapse all files

10
README.md
View File

@ -1,15 +1,7 @@
---- THIS IS A CLONE OF THE ORIGINAL REPOSITORY ON git.bashclub.org ----
# nasbeery
Installer for NasBeery ZFS NAS for Raspberry PI 4 and 400 on Raspberry Pi OS Lite 64-Bit
```bash
wget -O setup-nasbeery https://github.com/bashclub/nasbeery/raw/main/setup-nasbeery
wget -O setup-nasbeery https://github.com/bashclub/nasbeery/raw/dev/setup-nasbeery
bash setup-nasbeery
```
# Authors
### Christian Zengel
https://aow.de
### Thorsten Spille
[<img src="https://storage.ko-fi.com/cdn/brandasset/kofi_s_tag_dark.png" rel="Support me on Ko-Fi">](https://ko-fi.com/thorakel)

87
setup-nasbeery
View File

@ -18,6 +18,20 @@ usage() {
exit $1
}
if [ -f /etc/os-release ]; then
source /etc/os-release
else
echo "File /etc/os-release not found. Please refer to the documentation if your distro is supported."
exit 1
fi
if [[ ${VERSION_CODENAME} == "bullseye" ]] || [[ ${VERSION_CODENAME} == "bookworm" ]] || [[ ${VERSION_CODENAME} == "jammy" ]] || [[ ${VERSION_CODENAME} == "lunar" ]]; then
echo "Your distro $ID ${VERSION_CODENAME} is supported."
else
echo "Your distro $ID ${VERSION_CODENAME} is not supported."
exit 1
fi
USERNAME=nasbeery
HOSTNAME=nasbeery
DOMAIN=bashclub.lan
@ -68,21 +82,24 @@ whiptail --title "Possible data loss!" \
--yesno "Would you like to preserve you existing ZFS data from a previous installation?" 10 75
FORMAT=$?
# pin cockpit to buster backports
echo "Configure apt to install cockpit from backports repo"
cat << EOF | tee -i /etc/apt/preferences.d/99-cockpit
if [[ $ID == "debian" ]]; then
# pin cockpit to buster backports
echo "Configure apt to install cockpit from backports repo"
cat << EOF > /etc/apt/preferences.d/99-cockpit
Package: cockpit cockpit-*
Pin: release a=bullseye-backports
Pin: release a=${VERSION_CODENAME}-backports
Pin-Priority: 900
EOF
grep contrib /etc/apt/sources.list
if [ $? -gt 0 ]; then
sed -i "s/main/main contrib non-free/g" /etc/apt/sources.list
fi
grep contrib /etc/apt/sources.list
if [ $? -gt 0 ]; then
sed -i "s/main/main contrib non-free/g" /etc/apt/sources.list
fi
echo "Add debian bullseye backports repo"
echo "deb http://ftp.de.debian.org/debian/ bullseye-backports main contrib non-free" | tee -i /etc/apt/sources.list.d/bulleye-backports.list
echo "Add debian ${VERSION_CODENAME} backports repo"
echo "deb http://ftp.de.debian.org/debian/ ${VERSION_CODENAME}-backports main contrib non-free" > /etc/apt/sources.list.d/${VERSION_CODENAME}-backports.list
fi
# update system and install packages
echo "Updating package lists"
@ -92,6 +109,14 @@ DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq -o DPkg::opti
echo "Detecting Architecture"
if [[ $(dpkg --get-selections | grep -m1 "raspberrypi-kernel") ]]; then
headers="raspberrypi-kernel-headers"
elif [[ $(dpkg --get-selections | grep -m1 "linux-image-raspi") ]]; then
headers="linux-headers-raspi"
elif [[ $(dpkg --get-selections | grep -m1 "linux-image-arm64") ]]; then
headers="linux-headers-arm64"
elif [[ $(dpkg --get-selections | grep -m1 "linux-image-generic") ]]; then
headers="linux-headers-generic"
elif [[ $(dpkg --get-selections | grep -m1 "linux-image-riscv64") ]]; then
headers="linux-headers-riscv64"
elif [[ $(dpkg --get-selections | grep -E -m1 "linux-image-current-rockchip64") ]]; then
headers="linux-headers-current-rockchip64"
elif [[ $(dpkg --get-selections | grep -E -m1 "linux-image-edge-rockchip64") ]]; then
@ -100,26 +125,24 @@ elif [[ $(dpkg --get-selections | grep -E -m1 "linux-image-current-meson64") ]];
headers="linux-headers-current-meson64"
elif [[ $(dpkg --get-selections | grep -E -m1 "linux-image-edge-meson64") ]]; then
headers="linux-headers-edge-meson64"
elif [[ $(dpkg --get-selections | grep -m1 "linux-image-generic") ]]; then
headers="linux-headers-generic"
elif [[ $(dpkg --get-selections | grep -m1 "linux-image-raspi") ]]; then
headers="linux-headers-raspi"
elif [[ $(dpkg --get-selections | grep -m1 "linux-image-amd64") ]]; then
headers="linux-headers-amd64"
fi
echo "Intalling required packages"
DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install $headers ntpdate git apt-transport-https gnupg2 software-properties-common vim htop net-tools dnsutils dpkg-dev
# add extra apt keys
echo "Add wsdd apt repo key"
wget -O - https://pkg.ltec.ch/public/conf/ltec-ag.gpg.key | gpg --dearmor | tee -i /etc/apt/trusted.gpg.d/wsdd.gpg
if [[ ${VERSION_CODENAME} == "bullseye" ]]; then
# add extra apt keys
echo "Add wsdd apt repo key"
wget -O - https://pkg.ltec.ch/public/conf/ltec-ag.gpg.key | gpg --dearmor > /etc/apt/trusted.gpg.d/wsdd.gpg
# add extra apt repos
echo "Add wsdd apt repo url"
echo "deb [signed-by=/etc/apt/trusted.gpg.d/wsdd.gpg] https://pkg.ltec.ch/public/ $(lsb_release -cs) main" | tee -i /etc/apt/sources.list.d/wsdd.list
# add extra apt repos
echo "Add wsdd apt repo url"
echo "deb [signed-by=/etc/apt/trusted.gpg.d/wsdd.gpg] https://pkg.ltec.ch/public/ $(lsb_release -cs) main" > /etc/apt/sources.list.d/wsdd.list
fi
echo "add 45drives repo key"
wget -O - https://repo.45drives.com/key/gpg.asc | gpg --dearmor | tee -i /etc/apt/trusted.gpg.d/45drives.gpg
wget -O - https://repo.45drives.com/key/gpg.asc | gpg --dearmor > /etc/apt/trusted.gpg.d/45drives.gpg
echo "Add 45drives apt repo url"
echo "deb [signed-by=/etc/apt/trusted.gpg.d/45drives.gpg arch=amd64] https://repo.45drives.com/debian focal main" > /etc/apt/sources.list.d/45drives.list
@ -127,11 +150,11 @@ echo "deb [signed-by=/etc/apt/trusted.gpg.d/45drives.gpg arch=amd64] https://rep
echo "Updating package lists"
apt -qq update
echo "Installing samba"
DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install -t bullseye-backports acl samba-dsdb-modules samba-vfs-modules samba winbind wsdd zfs-dkms zfsutils-linux zfs-auto-snapshot
DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install -t ${VERSION_CODENAME}-backports acl samba-dsdb-modules samba-vfs-modules samba winbind wsdd zfs-dkms zfsutils-linux zfs-auto-snapshot
ARCH=$(arch)
if [[ "${ARCH}" == "aarch64" ]] || [[ "${ARCH}" == "riscv64" ]]; then
if [[ "${ARCH}" == "aarch64" ]]; then
znapzend_version=$(apt search znapzend 2>/dev/null | grep znapzend | cut -d ' ' -f2)
wget -O znapzend_${znapzend_version}_amd64.deb https://repo.45drives.com/debian/pool/main/z/znapzend/znapzend_${znapzend_version}_amd64.deb
mkdir znapzend
@ -146,7 +169,7 @@ if [[ "${ARCH}" == "aarch64" ]] || [[ "${ARCH}" == "riscv64" ]]; then
fi
echo "Installing cockpit"
DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install --no-install-recommends cockpit cockpit-identities cockpit-file-sharing cockpit-navigator cockpit-zfs-manager cockpit-benchmark
DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install --no-install-recommends cockpit cockpit-identities cockpit-file-sharing cockpit-navigator cockpit-zfs-manager cockpit-benchmark cockpit-pcp
echo "Activate zfs module"
modprobe zfs
@ -182,7 +205,7 @@ echo "Remove small Diffie-Hellman moduli"
awk '$5 >= 3071' /etc/ssh/moduli > /etc/ssh/moduli.safe
mv -f /etc/ssh/moduli.safe /etc/ssh/moduli
echo "Restrict supported key exchange, cipher, and MAC algorithms"
echo -e "\n# Restrict key exchange, cipher, and MAC algorithms, as per sshaudit.com\n# hardening guide.\nKexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256\nCiphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr\nMACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com\nHostKeyAlgorithms ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-512,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com" | tee -i /etc/ssh/sshd_config.d/ssh-audit_hardening.conf
echo -e "\n# Restrict key exchange, cipher, and MAC algorithms, as per sshaudit.com\n# hardening guide.\nKexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256\nCiphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr\nMACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com\nHostKeyAlgorithms ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-512,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com" > /etc/ssh/sshd_config.d/ssh-audit_hardening.conf
if [ ! $(zfs list $ZPOOL/$SHARE) ] ; then
echo "Creating $ZPOOL/$SHARE"
@ -193,8 +216,8 @@ chmod -R 770 /$ZPOOL
chown -R $USERNAME:root /$ZPOOL
echo "Seting hostname and fqdn"
echo "$HOSTNAME" | tee -i /etc/hostname
cat << EOF | tee -i /etc/hosts
echo "$HOSTNAME" > /etc/hostname
cat << EOF > /etc/hosts
# Host addresses
127.0.0.1 localhost
127.0.1.1 $HOSTNAME.$DOMAIN $HOSTNAME
@ -211,7 +234,7 @@ smbpasswd -x $USERNAME
usermod -aG sudo $USERNAME
echo "Writing cockpit configuration"
cat << EOF | tee -i /etc/cockpit/zfs/config.json
cat << EOF > /etc/cockpit/zfs/config.json
{
"#1": "COCKPIT ZFS MANAGER",
"#2": "WARNING: DO NOT EDIT, AUTO-GENERATED CONFIGURATION",
@ -258,7 +281,7 @@ EOF
if [ -f /etc/cockpit/zfs/shares.conf ]; then
echo "Creating cockpit zfs shares conf"
mkdir -p /etc/cockpit/zfs/
cat << EOF | tee -i /etc/cockpit/zfs/shares.conf
cat << EOF > /etc/cockpit/zfs/shares.conf
# COCKPIT ZFS MANAGER
# WARNING: DO NOT EDIT, AUTO-GENERATED CONFIGURATION
EOF
@ -269,15 +292,15 @@ sed -i 's/24/48/g' /etc/cron.hourly/zfs-auto-snapshot
sed -i 's/12/3/g' /etc/cron.monthly/zfs-auto-snapshot
echo "Configure RAID led"
echo -e 'PATH="/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin"\n*/1 * * * * root echo 14 > /sys/class/gpio/export 2> /dev/null;echo out > /sys/class/gpio/gpio14/direction ; zpool import -fa -d /dev/ > /dev/null; zpool list| grep -q ONLINE; echo \$? > /sys/class/gpio/gpio14/value' | tee -i /etc/cron.d/raidled
echo -e 'PATH="/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin"\n*/1 * * * * root echo 14 > /sys/class/gpio/export 2> /dev/null;echo out > /sys/class/gpio/gpio14/direction ; zpool import -fa -d /dev/ > /dev/null; zpool list| grep -q ONLINE; echo \$? > /sys/class/gpio/gpio14/value' > /etc/cron.d/raidled
echo "Write samba server configuration"
cat << EOF | tee -i /etc/samba/smb.conf
cat << EOF > /etc/samba/smb.conf
[global]
include = registry
EOF
cat << EOF | tee -i /etc/samba/import.template
cat << EOF > /etc/samba/import.template
[global]
workgroup = WORKGROUP
log file = /var/log/samba/log.%m